Mobile IPv4 Challenge/Response Extensions
RFC 3012
Document | Type |
RFC - Proposed Standard
(November 2000; No errata)
Obsoleted by RFC 4721
|
|
---|---|---|---|
Authors | Pat Calhoun , Charles Perkins | ||
Last updated | 2013-03-02 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3012 (Proposed Standard) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
Network Working Group C. Perkins Request for Comments: 3012 Nokia Research Center Category: Standards Track P. Calhoun Sun Microsystems Laboratories November 2000 Mobile IPv4 Challenge/Response Extensions Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. Abstract Mobile IP, as originally specified, defines an authentication extension (the Mobile-Foreign Authentication extension) by which a mobile node can authenticate itself to a foreign agent. Unfortunately, this extension does not provide ironclad replay protection for the foreign agent, and does not allow for the use of existing techniques (such as CHAP) for authenticating portable computer devices. In this specification, we define extensions for the Mobile IP Agent Advertisements and the Registration Request that allow a foreign agent to use a challenge/response mechanism to authenticate the mobile node. Perkins & Calhoun Standards Track [Page 1] RFC 3012 Mobile IPv4 Challenge/Response November 2000 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Mobile IP Agent Advertisement Challenge Extension . . . . . 3 3. Operation . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Mobile Node Processing for Registration Requests . . . 3 3.2. Foreign Agent Processing for Registration Requests . . 5 3.3. Foreign Agent Processing for Registration Replies . . 7 3.4. Home Agent Processing for the Challenge Extensions . . 7 4. MN-FA Challenge Extension . . . . . . . . . . . . . . . . . 7 5. Generalized Mobile IP Authentication Extension . . . . . . . 8 6. MN-AAA Authentication subtype. . . . . . . . . . . . . . . . 9 7. Reserved SPIs for Mobile IP. . . . . . . . . . . . . . . . . 9 8. SPI For RADIUS AAA Servers . . . . . . . . . . . . . . . . . 10 9. Configurable Parameters. . . . . . . . . . . . . . . . . . . 10 10. Error Values . . . . . . . . . . . . . . . . .. . . . . . . 10 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . 11 12. Security Considerations . . . . . . . . . . . . . . . . . . 12 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 References . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 A. Verification Infrastructure . . . . . . . . . . . . . . . . 14 Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 17 1. Introduction Mobile IP, as originally specified, defines an authentication extension (the Mobile-Foreign Authentication extension) by which a mobile node can authenticate itself to a foreign agent. Unfortunately, this extension does not provide ironclad replay protection, from the point of view of the foreign agent, and does not allow for the use of existing techniques (such as CHAP [12]) for authenticating portable computer devices. In this specification, we define extensions for the Mobile IP Agent Advertisements and the Registration Request that allow a foreign agent to a use challenge/response mechanism to authenticate the mobile node. All SPI values defined in this document refer to values for the Security Parameter Index, as defined in RFC 2002 [8]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [1]. Perkins & Calhoun Standards Track [Page 2] RFC 3012 Mobile IPv4 Challenge/Response November 2000 2. Mobile IP Agent Advertisement Challenge Extension This section defines a new extension to the Router Discovery Protocol [3] for use by foreign agents that need to issue a challenge for authenticating mobile nodes. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Challenge ... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: The Challenge ExtensionShow full document text